Global Privacy Notice

INFORMATION SERVICES GROUP, INC.

Last modified: 1 May 2019

Introduction

This privacy policy (the "Privacy Policy") explains what personal information we collect about you, why we collect the data, how we use your data, how your data is protected, when and with whom your personal information is shared and how to contact
us with questions or comments through your use of
isg-one.com (the "Homepage") and/or
isg-one.de (together the "Websites").

We know you care how information about you is used and shared and we appreciate your trust in us to do that carefully and sensibly.

This Privacy Policy is important; we hope you will take time to read it carefully.

1. Who Are We?

In this Privacy Policy, any reference to “ISG,” "we," "our" or "us" shall mean Information Services Group, Inc. and/or its affiliated companies around the world. References to "you" or "your" are references to the user
of the Websites.

If you have any questions relating to our use of your personal information, or any other related questions, please direct them to privacy@isg-one.com or write to us c/o Privacy Officer, ISG, Hays House, Millmead,
Guildford, Surrey, GU2 4HJ, UK. We will endeavor to respond within 30 days.

2. Information We Collect

We collect information from various sources and methods as described below.

Sources Of Information

We collect information about you or your devices from the following sources:

when you provide information to us when you make an inquiry on the Homepage, or when you subscribe to a newsletter or any other online service offered by us;

when you register for our mobile application;

when you provide information to us for the purposes of effecting a billing transaction via the Homepage;

when you provide information to us when making an online application for employment with Information Services Group, Inc. or its affiliated companies;

when you provide us with survey responses via external survey websites to help us improve our service offerings to you;

third parties to whom you have provided information with your consent to pass it on to other organizations or persons; and

your devices through which your information is obtained from automated means such as cookies, as described in the ‘Use of Cookies’ Section below.

In addition, we may collect any other information that you choose to disclose to us from time to time.

Types Of Information You Give To Us

name, company name, personal and business email address, phone number;

job level;

employment history;

profile photograph;

information relevant to events attendance such as dietary preferences, and requested accommodation.

Information We Collect Automatically

When you use our Websites or apps, we automatically collect and analyse certain information, which includes IP addresses, unique browser identifiers, browser and operating system information, length of visits, page views, device identifiers (such
as the Apple IDFA or Android Advertising ID), geolocation and other device-specific information, internet connection information as well as details about your interactions with our Websites and apps.

When you access ISG content via our apps, the apps will store an authentication token so you will not need to login every time.

Information We Collect From Third Parties

LinkedIn profile data;

Facebook profile data;

Google plus profile data; and

Twitter profile data;

3. Cookies

Use Of Cookies

In order to make visiting our Websites attractive and to enable the use of certain functions, we use cookies in some areas. Cookies are small text files that are stored on your computer's hard drive when you visit our Websites. Most of the cookies
we use are deleted from your hard drive after the end of the browser session (i.e., session cookies). Other cookies remain on your computer and allow us to recognize your computer the next time you visit our site (i.e., persistent / session-spanning
cookies). Persistent cookies are automatically deleted after a specified period of time, which can vary depending on the cookies. The cookies we use do not collect any information that can be used to track or identify individuals.

To find out more about how we use cookies, please see our Cookie Policy.

4. How We Use Information We Collect:

We use your information as follows:

On the basis of express consent, such as:

to register a user account in your name;

to register for our mobile application;

to help us identify you when you contact us;

to help us deal with and respond to your inquiries;

to help us deal with and respond to your periodic updates and subscription requests for ISG publications and events within the ‘Connection Center’;

to send you certain information at your request, including publications;

to improve the services offered by ISG following survey responses you provide to us via external survey websites;

to conduct surveys and report survey responses on behalf of our clients, so they may improve the services offered to you;

to enable you to share our content with others, e.g. by using the social media “share” functionality on our Websites (see Section 4 below for further details) and

to contact you via email about products and services offered by us and selected partners.

For our legitimate interests in conducting our business, such as:

to fulfill your requests;

to respond to your questions, concerns or customer service inquiries;

to communicate with you about your account;

to carry out certain marketing activities;

to conduct research and analysis (including surveys and the creation of statistical and testing information);

to perform group-wide analysis of usage patterns;

to enable you to access and use the services offered by our service providers; processing any transaction between you and a third party; and tracking sales (see Section 5 below for further details);

for events:

1.1 to publish attendee lists for our events

1.2 to provide relevant information (for hospitality and safety purposes) to hotels and other facilities involved in hosting the event attendees

1.3 to enforce the legal terms that govern our websites, apps and services

1.4 to create aggregated or anonymized data, which we may use or disclose without restriction

to monitor your compliance with the Websites' Terms of Use, which are incorporated into this Privacy Policy and set out at
terms of use and may be updated by us from time to time

We employ the companies and individuals set out in Section 5 to perform functions on our behalf and we may disclose your personal information to these parties for the purposes described above in this Section 4. For example, these parties may assist
us to fulfill orders, send postal mail and email, remove repetitive information from customer lists, analyse data, provide marketing assistance, process credit and debit card payments and provide customer service. Those parties are bound by strict
contractual provisions with us and only have access to personal information needed to perform their functions, and may not use it for other purposes. Further, they must process the personal information in accordance with this Privacy Policy and
as permitted by the General Data Protection Regulation (GDPR). From time to time, these other people and organizations to whom we may pass your personal information may be outside the European Economic Area (“EEA”) and such destinations
may not have laws which protect your personal data to the same extent as in the EEA. We are required by data protection law to ensure that where we or our “data processors” transfer your personal data outside the EEA, it is treated
securely and is protected against unauthorised access, loss or destruction, unlawful processing and any processing which is inconsistent with the purposes set out in this Privacy Policy. The table below in Section 5 sets out details of the third
parties to whom we currently disclose your personal data. The table also explains why these recipients need your personal data, whether or not they are our "data processors", any processing they perform outside the EEA, and the safeguards that
are used to protect your personal data if this happens. This information may be updated from time to time.

In addition:

If all, or substantially all, of our assets are acquired or are in the process of being acquired by a third party, in which case personal information held by us about our customers, will be one of the transferred assets;

To comply with applicable laws, protect rights, safety and property, and respond to lawful requests from public authorities (such as disclosing data in appropriate situations for national security or law enforcement purposes);

We may monitor and record communications with you (including phone conversations and emails), but we will do so in accordance with data protection legislation and other applicable law. Monitoring or recording will always be for business
purposes, such as for quality assurance and compliance, to prevent unauthorised use of our Websites, to ensure effective systems operation, to meet any legal obligation and/or to prevent or detect crime;

We will not disclose your personal information to any third party except in accordance with this Privacy Policy.

We will not sell or share your information or information with our service providers (other than our subsidiaries or affiliates) for their own promotional or marketing purposes unless you give us consent to do so and where permitted by applicable
law.

From 25th May 2018, you will have a right to object to our use of your personal information for these legitimate interests. If you raise an objection we will stop processing your personal information unless there are legitimate business
purposes or legal reasons which prevent us from doing so, in which case we will let you know why we are continuing to process your personal information. Please send an email to
privacy@isg-one.com if you wish to exercise this right and we will endeavor to respond to you within 30 days.

5. Disclosure Of Personal Information

We may disclose your personal information to other parties if this is necessary for the purpose of providing the services used or if you have given your prior consent. These parties include:

We retain your personal data for no longer than is necessary for the purpose(s) for which it was provided. What this means in practice will vary between different types of data. When determining the relevant retention periods, we take into account
factors including:

legal obligation(s) under applicable law to retain data for a certain period of time;

statute of limitations under applicable law;

potential or actual disputes; and

guidelines issued by relevant data protection authorities.

Otherwise, we securely erase your personal data from our systems when it is no longer needed.

7. How Can You Amend Your Preferences?

We believe it is important to give you choices about the use of your information. We will use your information as described in this Privacy Policy. If we want to use your information for a purpose not described in this Privacy Policy,
we will first get your consent to do so.

In some cases, you may directly access your online profiles and other personal details and amend, update, add or delete information yourself by logging into the relevant areas of our Websites and apps.

Any ISG publications and events communication we send you will include clear and concise instructions to follow should you wish to unsubscribe at any time. You may also amend your marketing preferences by accessing your personal details via ‘Connection
Center’, via the ‘email preferences’ or ‘unsubscribe’ link received at the bottom of emails or by emailing us at
contactus@isg-one.com.

Should you no longer wish to be contacted by us, you can advise us at any time by contacting us by sending an email to contactus@isg-one.com

8. How Your Personal Information Is Protected

We have implemented administrative, technical and physical security measures to help prevent unauthorized access. Despite these measures, no data transmission over the internet can be entirely secure, and we cannot and do not guarantee or warrant
the security of any information you transmit via our websites or apps.

We work to protect the security of your information during transmission by using Secure Sockets Layer (SSL) technology; data at rest is protected using EMC VMAX – DaRE encryption.

We maintain physical, electronic and procedural safeguards in connection with the collection, storage and disclosure of personally identifiable customer information against loss, destruction, access, modification or dissemination of your data
by unauthorized persons. Our security procedures mean that we may occasionally request proof of identity before we disclose personal information to you.

Our data processing and our security precautions are constantly adapted to current circumstances and requirements in accordance with technological developments and are continuously developed further.

It is important for you to protect your access information and your computer against unauthorised access. Be sure to sign off and close the browser window when you finish communicating with us using a shared computer.

9. Your Personal Information Rights And How To Contact Us

You have certain rights under the General Data Protection Regulation including the right to request a copy of the personal information we hold about you, if you request it from us in writing:

Right to access: the right to obtain access to your information (if we’re processing it), and certain other information (similar to that provided in this Privacy Policy). This is so you’re aware and can check that
we’re using your information in accordance with data protection law;

Right to correct: the right to have your personal information rectified if it is inaccurate or incomplete;

Right to erasure: this is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information where there’s no compelling reason for us to keep using
it. This is not a general right to erasure; there are exceptions. For example, we have the right to continue using your personal data if such use is necessary for compliance with our legal obligations or for the establishment, exercise or
defence of legal claims.

Right to restrict our use of your information: the right to ‘block’ us from using your personal information or limit the way in which we can use it. Please note that your right to restrict processing is limited in
certain situations; for example when we are processing your personal information that we collected from you with your consent you can only request restriction on the basis of: (a) inaccuracy of data; (b) where our processing is unlawful and
you don’t want your personal information erased; (c) you need it for a legal claim; or (d) if we no longer need to use the data for the purposes for which we hold it. When processing is restricted, we can still store your information,
but may not use it further. We keep lists of people who have asked for further use of their information to be ‘blocked’ to make sure the restriction is respected in future;

Right to data portability: the right to request that we move, copy or transfer (where technically feasible) your personal information in a structured, commonly used and machine-readable format, for your own purposes across different
services. For example, if you decide to switch to a new provider, this enables you to move, copy or transfer your information easily between our IT systems and theirs safely and securely, without affecting its usability. Please note, this
right is limited to where: (a) you provided the personal data to us; (b) we are processing such data on the basis of your consent or to perform a contract with you; and (c) the processing is carried out by automated means;

Right to object: the right to object to our use of your personal information including where we use it for our legitimate interests, direct marketing or where we use your personal information to carry out profiling to inform our
market research and customer demographics (see Section 4 above);

Right to be informed: you have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. This is why we’re providing you with the information
in this Policy; and

Right to withdraw consent: if you have given your consent to anything we do with your personal information, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have
done with your personal information with your consent up to that point is unlawful). This includes your right to withdraw consent to us using your personal information for marketing purposes.

This service is free of charge and requires you to prove your identity with two pieces of approved identification. We will use reasonable efforts consistent with our legal duty to supply, correct or delete personal information about you on our files.

To ask a question about this Privacy Policy please contact us by emailing privacy@isg-one.com or write to us c/o Privacy Officer, ISG, Hays House, Millmead, Guildford, Surrey, GU2 4HJ, UK and we will
endeavor to respond within one calendar month.

To exercise any of your rights set out in Section 9 of this Privacy Policy, please download and complete the Subject Access Request form by clicking here and email it along with copies of your two pieces of approved identification to privacy@isg-one.com and we will endeavor to respond within one calendar month.

When we receive formal written complaints, we will contact the person who made the complaint to follow up. We work with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the processing
of personal data that we cannot resolve with our users directly.

If you are not satisfied with the way any complaint you make in relation to your personal information is handled by us then you may refer your complaint to the relevant data protection supervisory authority which in the UK is the ICO (Information
Commissioner’s Office).

If you have any questions about this Privacy Policy or how ISG processes your personal information, please contact us using the details in the preceding Section and we will attempt to answer your questions and satisfy your concerns in a timely and
complete manner as soon as possible.

If you are not satisfied with our response, you have the right to lodge a complaint with the relevant data protection supervisory authority in your country.

11. Privacy Of Children

The Websites are intended to be used by persons aged 18 and older. We do not seek to collect information about persons under the age of 18.

No information should be submitted to or posted on the Websites by persons younger than 18 years of age. If such a person submits personal information via the Websites, we shall delete that information as soon as we are made aware of their age and
thereafter shall not use it for any purpose whatsoever.

12. Changes To This Privacy Policy

We reserve the right to amend this Privacy Policy from time to time in order to ensure that it always complies with current legal requirements or to reflect an extension or modification of our range of services in the Privacy Policy. The date of the
most recent revision will appear on this page. If we make significant changes to this notice, we will also notify you by other means such as sending an email. Where required by law we will obtain your consent to make these changes.
If you do not agree with any changes please do not continue to use the Websites.